Microsoft Sits on Security Flaw for Six Months
David Kramer
david at thekramers.net
Wed Feb 11 07:36:10 EST 2004
From /.
Posted by michael on Tuesday February 10, @04:13PM
from the you've-already-been-hacked dept.
pmf writes "Yet another critical vulnerability affecting Windows 2000/XP/2003
has been just announced by eEye. It is worthy to note, that it took Microsoft
over 6 months to fix it. The bug affects ASN.1 library and is remotely
exploitable through authentication subsystems (Kerberos, NTLMv2) and
applications that make use of SSL certificates." The AP has an overview.
http://www.eeye.com/html/Research/Advisories/AD20040210.html
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
http://apnews.myway.com//article/20040210/D80KJ01G1.html
----------------------------------------------------------------------------
DDDD David Kramer david at thekramers.net http://thekramers.net
DK KD One last warning: don't believe anything that you read in this
DKK D document. Every effort has been made to ensure that this document
DK KD is incomplete and inaccurate, and I take no responsibility for an
DDDD glimmers of correct information that may, by some fluke, be here.
UW_IMAP documentation
More information about the Discuss
mailing list